Whoops! Cisco changed its default admin password (to ‘Cisco1234’)

Graham Cluley

There’s an amusing story by Simon Sharwood in The Register today.

Apparently when Cisco shipped its Unified Computing System (UCS) boxes between November 17, 2015 and January 6, 2016 it made a configuration error.

You see, when you try to set them up, you won’t be able to access them with the default admin password of – wait for it – “password”. Instead, for reasons best known to Cisco, they changed the default password to the marginally less insecure (but not documented) “Cisco1234”.


So, no. If you’re a sysadmin who is trying to log into your new Cisco kit’s Cisco Integrated Management Controller (CIMC), and are banging your head against the wall because the default password isn’t working, for once it’s not a case of RTFM.

It should go without saying that as soon as you gain access to your shiny new Cisco box you should reset the password. But not to “password”. Obviously. If you stick with the default password that a product ships with, you’re just asking for trouble.

More details about the issue are given in an advisory that Cisco published yesterday.

Graham Cluley is a veteran of the anti-virus industry, having worked for a number of security companies since the early 1990s, when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “Whoops! Cisco changed its default admin password (to ‘Cisco1234’)”

  1. Actually, the cisco1234 is the one used in the labs for the CCNA (and old CCNP) certificates (once the practices for hardening begin to take place). So, it seems someone from Cisco has been having nightmares with that password.

  2. Priceless!! All coming from the "security company" that instead of joining standards like IF-MAP has decided that after sitting in for awhile (to gather what it could) decided to go make their own proprietary one (as usual)

    1.
      1. Cisco Systems isn't a security company.
      2. Humans aren't perfect.
      3. Humans make mistakes. See point 2.
      4. Even those with the best intentions can go afoul. See points 2 and 3.
      5. As Raul points out, there is some history with this password.

      You also demonstrate some of these points. No, I'm not criticising you but merely pointing out that this is an honest mistake and that is something we all do (anyone claiming otherwise isn't being honest to themselves and by extension to anyone else).
